Device-type authentication in communication systems
Abstract
In a communication system ( 1 ), a header comprising information, preferably being related with a device-type associated commitment, is additionally provided with a signature for that information. The signature guarantees the authenticity of the header information. The signature is tamper-resistantly created in a first device ( 20 ), preferably based on at least tamper-resistant device-type specific information of the first device ( 20 ). The header information and the signature are communicated to a content provider ( 10 ), where the signature is verified before accepting the device-type associated commitment to be valid. Such signatures can preferably be used in systems using HTTP or SMTP.
Claims
exact text as granted — not AI-modified1. Method for device-type authentication in a communication system, comprising the steps of:
providing, in a first device connected to said communication system, first header information of a communication message;
said first header information being related with a device-type associated commitment;
said device-type associated commitment being a commitment for devices of a particular device-type regarding what capability the devices support;
tamper-resistantly creating a first signature in said first device based on at least tamper-resistant device-type specific information of said first device;
providing, in said first device, second header information of said communication message comprising said signature;
communicating said communication message to a second device connected to said communication system; and
authenticating said first header information by verifying said first signature after said communicating step,
wherein said step of authenticating in turn comprises:
determining, in said second device, a device-type of said first device based on said first header information;
creating a second signature in said second device based on at least tamper-resistant information associated with said determined device-type; and
accepting said determined device-type as authentic if said first and second signatures agree.
2. Method according to claim 1 , wherein said communication system is based on a transfer protocol selected from the group: of HyperText Transfer Protocol and Simple Mail Transfer Protocol.
3. Method according to claim 2 , wherein said device-type associated commitment is a commitment to follow Digital Rights Management compliance.
4. Method according to claim 1 , wherein said first device is a user terminal.
5. Method according to claim 1 , wherein said second device is a server.
6. Method according to claim 1 , wherein said device-type specific information comprises a definition of an algorithm according to which said signature is to be created.
7. Method according to claim 1 , wherein said device-type specific information comprises a data string being unique for each particular device type.
8. Method according to claim 1 , wherein said step of creating a signature is additionally based on at least one item in the group of: time, date and header information.
9. Method for device-type authentication in a communication system, comprising the steps of:
providing, in a first device connected to said communication system, first header information of a communication message;
said first header information being related with a device-type associated commitment;
said device-type associated commitment being a commitment for devices of a particular device-type regarding what capability the devices support;
tamper-resistantly creating a first signature in said first device based on at least tamper-resistant device-type specific information of said first device;
providing, in said first device, second header information of said communication message comprising said signature;
communicating said communication message to a second device connected to said communication system; and
authenticating said first header information by verifying said first signature after said communicating step,
wherein said step of authenticating in turn comprises:
forwarding information about said first header information and said first signature from said second device to a third device connected to said communication system;
requesting a verification of the authenticity of said first header information by said third device; and
accepting said first header information as authentic if said third device provides a positive verification.
10. Method according to claim 9 , wherein said third device is associated with a manufacturer of said first device.
11. Communication device connectable to a communication system, comprising:
a communication interface for receiving a communication message from a sending device connected to said communication system;
said communication message comprising first header information being related with a device-type associated commitment;
said device-type associated commitment being a commitment for devices of a particular device-type regarding what capability the devices support;
said communication message further comprising second header information in turn comprising a first signature; and
authenticating circuitry arranged to verify said first signature,
wherein said authenticating circuitry comprises:
circuitry arranged to determine a device-type of said sending device based on said first header information;
storage for storing device-type specific information of communication devices;
a signature generator arranged to retrieve device-type specific information corresponding to said determined device-type;
said signature generator being further arranged to create a second signature based on said retrieved device-type specific information; and
circuitry arranged to accept said determined device-type as authentic if said first and second signatures agree.
12. Communication device according to claim 11 , wherein said communication interface is arranged to support a transfer protocol selected from the group: of HyperText Transfer Protocol and Simple Mail Transfer Protocol.
13. Communication device according to claim 12 , further comprising Digital Rights Management means, whereby said device-type associated commitment is a commitment to follow Digital Rights Management compliance.
14. Communication device according to claim 11 , wherein said communication device is a server.
15. Communication device connectable to a communication system, comprising:
a communication interface for receiving a communication message from a sending device connected to said communication system;
said communication message comprising first header information being related with a device-type associated commitment;
said device-type associated commitment being a commitment for devices of a particular device-type regarding what capability the devices support;
said communication message further comprising second header information in turn comprising a first signature; and
authenticating circuitry arranged to verify said first signature,
wherein said authenticating circuitry is arranged to:
forward information about said first header information and said first signature to a further device connected to said communication system;
request a verification of the authenticity of said first header information by said further device; and
accept said first header information as authentic if said further device provides a positive verification.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.